Issue: Vulscan stuck in a loop following deployment of SP1 for LDMS 9.5

Version 9

    Verified Product Versions

    Endpoint Manager 9.5

    Note: Installation of the latest Service Pack is recommended to resolve this issue.


    Issue

     

    The security and compliance scanner (Vulscan) is running repeatedly on client systems after installing Service Pack 1 for LDMS 9.5.

    The Vulscan log files will show the scanner repeatedly downloading settings .XML files.

     

    Cause

     

    This is due to a bug in code that is causing vulscan to loop continuously when installing a patch calls for a reboot, but a reboot is not allowed due to the Scan and Repair or Agent settings.

     

    This issue will only occur when the following conditions are met:

     

    1. The client computer has pending continue tasks
      (This is visible in the registry under HKLM\Software\LANDesk\ManagementSuite\WinClient\Vulscan\Continue)
      (It is also written into the local scheduler as a task)
    2. Scan and Repair Settings or Agent Settings are set to (Never Reboot)
    3. A reboot is actually needed.
    4. Vulscan /continue gets launched (usually from local scheduler).

     

    Vulscan will loop indefinitely attempting to trigger the reboot.  A reboot of the client will fix this condition if the patch has been applied to the core.

     

    If a reboot is not possible, terminating the existing Vulscan process will be necessary to allow the client to download the updated vulscan.dll file.

     

    Taskkill or PSKill can be used to terminate the running process.

     

    Resolution

     

    Install the latest service pack.

     

    Client computers will then automatically update to the new vulscan.dll file the next time a Security and Compliance scan is run.